Category: HOWTO

From time to time I’ve done something which make my life or work easier, something I could be proud of it. Some of this solutions take quite a lot of time and I don’t want to reinvent them on next occasion – so all of them could be found here for later use. Use it if you need.

It happen to me all the time that one of developers notifies me about some kind of problem that I can’t confirm from my account. Sometimes it was because of bad ssh keys configuration, other times file permissions, mostly such stuff. It’s sometimes convenient to “enter into someone’s shoes” to see what’s going on there.

If you’re root on machine you may do that like this:

su developer -

Easy one but that’s not enough for all cases. When you use bastion host (or similar solutions) sometimes users have connection problems and it’s harder to check. When such user have ForwardAgent ssh option enabled you may stole this session to check login problems. After you switch to such user, you may wan’t to hide history (it’s optional 😉 ) – disable history like that:

export HISTFILESIZE=0
export HISTSIZE=0
unset HISTFILE

Now you may stole ssh session, but first check if you have your dev is logged on:

Virtualenvs in python are cheap but from time to time you will install something with pip on your system and when time comes removing all this crap could be difficult. I found this bash snippet that will uninstall package with all dependencies:

I’ve been using standard MySQL dumps as backup technique on my VPS for few years. It works fine and backups were usable few times when I needed them. But in other places I’m using xtrabackup. It’s faster when crating backups and a lot faster when restoring them – they’re binary so there is no need to reevaluate all SQL create tables/inserts/etc. Backups also include my.cnf config file so restoring on other machine should be easy.

After I switched from MariaDB to Percona I have Percona repos configured, so I will use latest version of xtrabackup.

apt-get install -y percona-xtrabackup

Prerequisities

xtrabackup requires configured user to be able to make backups. One way is to write user and password in plaintext in ~/.my.cnf. Another is using mysql_config_editor to generate ~/.mylogin.cnf file with encrypted credentials. To be honest I didn’t check what kind of security provides this encryption but it feels better than keeping password in plaintext.

I do not want to create new user for this task – I just used debian-sys-maint user. Check password for this user like this:

I prefer to have single archive with backup because I’m transferring those files to my NAS (for security). But for local backups directories are more convenient and faster when restoring. Also tar archives have to be decompressed with -ioption.

Restoring

First time I saw it it scared me a little but after all worked fine and without problems…

When you deploy your application in cloud you don’t need and don’t want your hosts exposed via SSH to the world. Malware scans whole network for easy SSH access and when find something will try some brute force attacks, overloading such machines. It’s easier to have one exposed, but secured host, that doesn’t host anything and is used as proxy/gateway to access our infrastructure- it’s called bastion host.

Ansible is quite easy to integrate with bastion host configuration. We will need custom ansible.cfg and ssh_config file. So let’s start with ssh_config:

StrictHostKeyChecking no – this options shouldn’t be there for production but it’s useful at beginning when you create and destroy machines few times before you test everything. Normally this will cause notifications about ssh key changes, but you’re aware of that – you just recreated those machines.

I’ve found examples without netcat but was unable to get them working – this one worked for me really well.

Most important section here is in ssh_args where we’re pointing to ssh_config file in current dir with -F option. I also have to reenter configuration for multiplexing here – it wasn’t working with ssh only configuration. control_path option have to use same paths like ssh_config (% signs are escaped with %%).

You should be able to run ansible/ansible-playbook commands normally now – all traffic will be forwarded through bastion.

It’s good time now to install fail2ban on bastion and maybe reconfigure it to run ssh on crazy high port 🙂

Lately I was searching for mobile notebook that I could use for remote work. I checked f ThinkPad series but they were huge bricks that have nothing in common with ‘mobile’ word. Then I saw ASUS Zenbook that I didn’t take into account before and it was exactly what I was searching for.

Configuration of Skylake based notebook right now is not straightforward – there are still glitches and small bugs that are waiting to be fixed. I want to sum up what I’ve done after installation. I started with fresh Ubuntu 16.04 to get Debian based distro with possibly latest kernel and patches.

Disable touchpad when writing

It’s crazy annoying when you tap touchpad during writing text and lose focus on editor window. There is solution for that, it’s even installed by default on Ubuntu and it’s called: syndaemon. It’s started by default like this:

syndaemon -i 1.0 -t -K -R

1 second feels too small for me. I will adjust it to 2s. There is no easy way to do this. I created script to run on login:

Suspend/Hibernate on lid close

Default configuration of Ubuntu 16.04 was that after I close lid screen was blocked and LCD disabled. But system was still working normally – I strongly prefer to hibernate in such case and use no battery at all.

I achieved that with systemd-logind. Edit /etc/systemd/logind.conf and uncomment line with HandleLidSwitch:

[Login]
HandleLidSwitch=suspend
HandleLidSwitchDocked=ignore

Now restart systemd-logind service with:

systemctl restart systemd-logind.service

Problem with function keys

Function keys were mostly working but not always like I expected. For example when I disable touchpad – it’s not disabled 🙂

I found that module asus-nb-wmi is responssible for that and it’s still buggy. So I disabled it at all with:

echo "blacklist asus-nb-wmi" > /etc/modprobe.d/blacklist-ux305.conf

Volume UP/DOWN/MUTE are still working fine – that’s enough for me. Rest could be configured with some keyboard shortcuts – more info here.

TODO/Issues

I still face some bugs:

I could see occasional flickering from time to time. Rather after running notebook for some time than overheating/overloading it. This may be driver issue or maybe SNA acceleration method – I have to experiment a little to get this solved.
Looks like disabling Virtualization support and VT-d in BIOS helped. It’s not final solution but for now I don’t need it… A lot 😉

Tapping sometimes behave strange, for ex. tap to click stops to work and I have to use touchpad buttons for that. I think this may be related to syndaemon configuration because it started after I tuned it.
It was that. My hack for syndaemon broke touchpad. I will play with this a little more later.

I like to use copy by selection and paste by middle click on my desktop – I’m addicted to this option but it’s not working on my laptop. I’m not sure if this will be convenient enough on touchpad to use.
To right click just tap with two fingers, to middle click (third button) tap with three fingers. Copy/paste is again easy like before.

If you found errors in my text of know better solutions for described problems, please tell in comments.